DNS records are part of your business continuity stack. If your DNS manages traffic, email, APIs, or any other system your business depends on, losing those records — or having them changed without a recovery path — is an operational risk worth taking seriously.
DNS changes are easy to make. They're equally easy to lose. A misconfigured record, a deleted zone, an accidental bulk update — and suddenly you're rebuilding from memory or hunting through change logs that may not exist.
I built a Bash script to solve this: cloudflare-backup. It runs on a schedule, exports all your Cloudflare DNS records into timestamped BIND-format files, and keeps them versioned so you always have a recoverable snapshot.
What the script does
- Retrieves all Cloudflare zones within your account
- Handles API pagination automatically
- Converts DNS records into BIND-compatible format
- Creates timestamped backup files ready for version control
- Uses environment variables for secure credential storage
- Requires only bash, curl, and jq
- Wires into cron for daily automated runs
Why BIND format?
BIND format is the standard for DNS zone files. Exporting to it means your backups are portable — you can inspect them in a text editor, diff them with git, import them into another provider, or hand them to an ops team member without needing special tooling.
The principle
For technical leaders, the principle applies equally to AI agents, infrastructure, automations, and DNS systems: make it observable, restorable, and boring.
A daily cron job running a 50-line Bash script is boring. Rebuilding your DNS zone at 2am after an incident is not.
The project is open source on GitHub: github.com/mylesagnew/cloudflare-backup
Originally published on LinkedIn Pulse.